Repository: knox Updated Branches: refs/heads/master e59366faf -> fd623eb93
KNOX-25: Knox should support authentication using SPNEGO from browser Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/fd623eb9 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/fd623eb9 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/fd623eb9 Branch: refs/heads/master Commit: fd623eb936ef96ad91a56f59ad013fb58e379841 Parents: e59366f Author: Dilli Dorai Arumugam <[email protected]> Authored: Sun Jul 27 22:58:56 2014 -0700 Committer: Dilli Dorai Arumugam <[email protected]> Committed: Sun Jul 27 22:58:56 2014 -0700 ---------------------------------------------------------------------- gateway-release/home/templates/hadas.xml | 146 ++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/fd623eb9/gateway-release/home/templates/hadas.xml ----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/hadas.xml b/gateway-release/home/templates/hadas.xml
new file mode 100755
index 0000000..1813b83
--- /dev/null
+++ b/gateway-release/home/templates/hadas.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>HadoopAuth</name>
+ <enabled>true</enabled>
+
+ <param>
+ <name>config.prefix</name>
+ <value>hadoop.auth.config</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.signature.secret</name>
+ <value>78hdkjaka</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.type</name>
+ <value>kerberos</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.simple.anonymous.allowed</name>
+ <value>false</value> <!-- default: false -->
+ </param>
+ <param>
+ <name>hadoop.auth.config.token.validity</name>
+ <value>1800</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.cookie.domain</name>
+ <value>hdp.example.com</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.cookie.path</name>
+ <value>gateway/hada</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.kerberos.principal</name>
+ <value>HTTP/[email protected]</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.kerberos.keytab</name>
+ <value>/etc/knox/conf/knox.spnego.keytab</value>
+ </param>
+ <param>
+ <name>hadoop.auth.config.kerberos.name.rules</name>
+ <value>DEFAULT</value>
+ </param>
+
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Pseudo</name>
+ <enabled>true</enabled>
+ <!-- param>
+ <name>principal.mapping</name>
+ <value>sam=god;</value>
+ </param -->
+
+ </provider>
+
+ <!--
+ Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names.
+ For example, a hadoop service running in AWS may return a response that includes URLs containing the
+ some AWS internal host name. If the client needs to make a subsequent request to the host identified
+ in those URLs they need to be mapped to external host names that the client Knox can use to connect.
+
+ If the external hostname and internal host names are same turn of this provider by setting the value of
+ enabled parameter as false.
+
+ The name parameter specifies the external host names in a comma separated list.
+ The value parameter specifies corresponding internal host names in a comma separated list.
+
+ Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out
+ of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the
+ Hadoop services using localhost. In real clusters, external host names would almost never be localhost.
+ -->
+ <provider>
+ <role>hostmap</role>
+ <name>static</name>
+ <enabled>false</enabled>
+ <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>NAMENODE</role>
+ <url>hdfs://hdp.example.com:8020</url>
+ </service>
+
+ <service>
+ <role>JOBTRACKER</role>
+ <url>rpc://hdp.example.com:8050</url>
+ </service>
+
+ <service>
+ <role>WEBHDFS</role>
+ <url>http://hdp.example.com:50070/webhdfs</url>
+ </service>
+
+ <service>
+ <role>WEBHCAT</role>
+ <url>http://hdp.example.com:50111/templeton</url>
+ </service>
+
+ <service>
+ <role>OOZIE</role>
+ <url>http://hdp.example.com:11000/oozie</url>
+ </service>
+
+ <service>
+ <role>WEBHBASE</role>
+ <url>http://hdp.example.com:60080</url>
+ </service>
+
+ <service>
+ <role>HIVE</role>
+ <url>http://hdp.example.com:10001/cliservice</url>
+ </service>
+
+ <service>
+ <role>RESOURCEMANAGER</role>
+ <url>http://localhost:8088/ws</url>
+ </service>
+
+</topology>
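Review bot: The `hadoop.auth.config.signature.secret` param in the HadoopAuth provider block carries a fixed literal (`78hdkjaka`) in a template shipped under `gateway-release/home/templates`. Any deployment copied from it without editing would sign its authentication cookies with a value that is public in the source tree, so the cookie signature would no longer prove that the gateway issued the cookie. I would ship a value that cannot be mistaken for a working secret and say so next to it, e.g. `<value>REPLACE_WITH_RANDOM_SECRET</value> <!-- placeholder: set a long random value per deployment before enabling -->`. Two smaller points in the same file: `hadoop.auth.config.cookie.path` is `gateway/hada`, which has no leading slash and does not match the `hadas` file name, so the cookie may not be scoped as intended (worth confirming against the topology URL); and the file is added with mode 100755 although it is plain XML.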
